SIEM Stalwart LogRhythm to Merge With Exabeam
Cisco's Earlier Acquisition of Splunk Makes Waves in the SIEM Market
There's more consolidation in the SIEM market following today's announcement by LogRhythm and Exabeam that they've reached an agreement to merge.
Details about the announced merger between the two privately held companies are scarce, including terms of the deal and who will lead the new joined company. The companies estimate the merger will close during the third quarter of this year.
"Vigilant CISOs have eagerly awaited the emergence of a strong, customer-obsessed, singularly focused global leader in AI-driven security operations - one that offers a best of breed alternative to the frustratingly complex options on the market today. That day has arrived," asserted LogRhythm CEO Chris O'Malley.
Colorado-based LogRhythm is one of the original SIEM players. Unlike fellow stalwart Splunk, it's not being folded into a larger company. Instead, it is banking its future on synergies with California's Exabeam. IDC data from 2022 puts LogRhythm as sixth largest in the SIEM market and Exabeam as the eighth largest. Combined, they would be the fourth-largest SIEM vendor by revenue.
Networking giant Cisco's $28 billion acquisition of Splunk in a deal completed only weeks ago has created a potential opening in the SIEM market for practitioners concerned about Splunk's viability under Cisco tutelage while also pressuring SIEM firms to shore up their offerings, Forrester Principal Analyst Allie Mellen told Information Security Media Group.
"There are synergies from a technology perspective" in joining Exabeam's user analytics with LogRhythm's SIEM capabilities, she said. "Bringing those companies together could be more effective, especially if they take it downmarket."
SIEM doubters have attempted for years now to write an obituary for the log data analysis SOC mainstay. SIEMs are expensive, depend on third-party integrations and require human expertise to configure the alerts, so they can seem like a finicky money suck.
Extended detection and response platforms such as CrowdStrike and SentinelOne have acquired business analytics capabilities, and other platforms have built their own in a move to supplant SIEM with native alerts. But XDR lacks features that SIEM offers, such as user analytics and compliance demonstration, Mellen said.
Plus, "many of these platforms tend to be newer in the market, so they don't have the same level of integration, log collectors, third-party collection the SIEM vendors do."
The merger comes with challenges, she said. The company cultures are different: Exabeam's products tend toward the modular while LogRhythm offers suites. And merging won't address issues such as keeping pace with innovation and cloud migration. In the enterprise market, Microsoft is throwing its weight around with cloud-native Sentinel for Azure customers.
Still, each could be the missing piece the other needs, Mellen said.